Governments continue to try to regulate cyberspace, often with little effective impact. Security professionals struggle to design and operate infrastructure that will comply with rules written with Semantically Intentional Ambiguous Meaning (SIAM). Learn from the classrooms of one of the world's great universities the new methods for navigating those challenges and putting in place rules that are effective for managing infrastructure.

What have we learned from 2017's biggest breaches and how will we deal with 2018's emerging threats? Attempting to look both backward and forward over the cyber landscape, Peter Wood will review lessons learned and apply them to the evolving threatscape.

Dynamic, volatile, innovative. Cloud security is all of these and more. How can cloud service vendors turn the constant parade of new threats into a continuing opportunity to increase customer loyalty? How can customers gain trust in their service vendors despite the parade? Learn how in this webcast.

As organizations continue to ramp-up their migration to cloud-based environments, they will need to account for the associated security and control risks. There are hidden dangers and blind spots that arise through the use of virtualization technology in the data center. These hidden dangers and blind spots become more prevalent as business-critical applications are increasingly deployed on the public cloud. This is a problem considering that an organization’s operations are dependent on a cloud environment that inherently has a huge visibility gap.

Many are now making the necessary changes to keep data secure in the cloud. This talk will focus on how to pragmatically accomplish cloud security through increased emphasis on cloud network visibility and cloud access security brokers. Enterprises that can properly implement appropriate cloud network visibility and cloud access security brokers will experience a third fewer security failures. Learn about practical steps and tools that you can use for accomplishing cloud security in your organization.

If your processing and data is in the cloud, how can you deliver assurance, compliance and governance? How do you find the flaws and soft spots that criminals will exploit? From browser to database, through human factors and end points, this presentation will take a threat-based approach to securing the cloud.

Ahmed Banafa, Lecturer and IoT Expert, College of Engineering, San Jose State University

As the Internet of Things (IoT) adds more and more devices to the digital fold every day, organizations of all sizes are recognizing the IoT's potential to improve business processes and, ultimately, accelerate growth.

Meanwhile, the number and variety of IoT solutions has expanded exponentially, creating real challenges. Chief among them: the urgent need for a secure IoT model for performing common tasks such as sensing, processing, storing information, and communicating. But developing such a model involves overcoming numerous hurdles.

Of course, there are multiple ways of looking at the IoT. For instance, the system view divides the IoT into blocks, such as connected things, gateways, network services, and cloud services, while the business view consists of platform, connectivity, business model, and applications. But one common thread connects all these views: security is paramount

IoT applications and devices is the next wave of technology, but security is a big concern. This webinar will explain the convergence of IoT and Blockchain technology.

There are many challenges for data privacy legislation within a boundary-less cloud computing and World Wide Web environment. Despite its importance, there is limited research around data privacy law gaps and alignment, and the legal side of the security ecosystem seems to constantly be playing catch-up.
This research is supported by STRATUS (Security Technologies Returning Accountability, Trust and User-Centric Services in the Cloud) (https://stratus.org.nz),

Shuqi Huang, Research Analyst of CSA and David Siah, Country Manager of TrendMicro Singapore

Cloud as the enabler of Internet of Things (IoT) and data analytics, the incorporation of cloud computing is critical for the successful implementation of these leading-edge technologies. Countries and organizations moving towards Industry 4.0 are highly dependent on cloud computing, as it is the basis for this revolutionary transition. However, complications and confusion arising from regulations (or lack thereof) surrounding cloud usage hinder cloud adoption.

During this webcast, we will discuss some of the findings from the CSA “State of Cloud Adoption in Asia Pacific (APAC) 2017” report and examine the availability and affordability of cloud computing in the APAC region.

Humans have been protecting our complex network infrastructures for decades with varying degrees of success, while eusocial insects such as ants are capable of withstanding countless attacks on their networks.

This presentation is about what ants in general and Leafcutter Ants in particular approach security and how we can learn from these survivors of millions years of warfare.

You will learn:
-How social insects (ants) are dealing with predictive analysis
-Applying the defense mechanism of ants on threat intelligence
-How information sharing and communication can lead to better security
-Data and Identity Management

Nicola Franchetto will discuss in a practical and business oriented way, the new provisions of the GDPR and how the PLA Code of Conduct supports compliance with the forthcoming EU Data Protection Legislation. More precisely, Franchetto will highlight the true privacy compliance “game changers” introduced by the GDPR and offer the audience practical inputs on how to set up a sound and effective corporate Data Protection Compliance Programme, which will also include having a PLA in place with Cloud Service Providers.

- InnoSec is the winner of the EU commission Horizon 2020 grant based on its innovation in GDPR and cyber risk -

GDPR is an urgent issue that has companies scrambling to be compliant by May of 2018. Any organization that processes EU citizen data is in scope and the penalties are severe.

Alignment with the requirements can reduce the chances of triggering a Data Protection Authority (DPA) to investigate a company’s privacy practices after the GDPR takes effect in May 2018. DPAs can impose a fine on companies of up to 4% of annual global revenues for egregious violations of the GDPR. Member states can also add to these fines. The Netherlands, for instance, has more than doubled its own fining capacity to 10% of annual revenues. European privacy advocates are pressuring DPAs to fully exercise these new powers after May 2018.To manage this risk, multinationals should have a means to demonstrate alignment with the GDPR requirements and communication of this program with DPAs that have jurisdiction over their major European operations.

InnoSec’s GDPR solution provides privacy impact and risk assessments which measure the confidentiality and integrity of the system and the risk associated to it meeting articles 1,2, 5, 32, 35 and 36. Additionally, we provide a readiness gap analysis for managing, planning and budgeting for GDPR.

Most e-commerce, educational and multi-national organizations process EU citizen data and are in scope for GDPR. Moreover, most organizations are not ready according to Gartner and his means the race to the finish line requires as much automation as you can afford. InnoSec provides a means for companies to save money and time with their GDPR assessment and gap analysis offering.. Our GDPR offering automates the assessment process and provides a gap analysis readiness feature, that also ensures that organizations can plan, budget and manage their GDPR program.

Our panel of data protection experts will be discussing the compliance considerations that you need to be assessing for May 2018 along with suggesting next steps from a cyber and general security standpoint.

We'll also be asking YOU at what stage you're at in terms of your preparations via a series of interactive benchmarks as we go through the session to get a sense of where the security community is at in terms of preparations.

-------------

GDPR and its May 2018 deadline are now fully the minds of the vast majority of security professionals and with massive fines on the horizon for non-compliance, now is a better time than ever to get to grips with the legislation and ensure that your organisation is secure and compliant.

It’s vital that your business has carried out the relevant preparations for compliance by then to make sure you don’t get whacked with a huge fine of up to £15m or 4% of your organisation’s global annual turnover.

Not only are there potentially huge financial repercussions, but leaving your business open to attack and your customers at risk can cause serious reputational damage.

The EU General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the region approach data privacy. Acknowledging identity threats like phishing and man-in-the-middle attacks, the GDPR applies to all companies processing and holding the personal data of those residing in the European Union, regardless of the company’s location.

An excerpt from the GDPR describes authentication as ‘key to securing computer systems’ and as the first step ‘in using a remote service or facility, and performing access control’. The document also outlines various GDPR-compliant authentication solutions, such as smart card, OTP push apps, and FIDO Universal 2nd Factor (U2F).

Yubico’s enterprise solution - the YubiKey - combines support for OpenPGP (an open standard for signing and encryption), FIDO U2F (a protocol that works with an unlimited number of applications), and smart card / PIV (a standard that enables RSA or ECC sign/encrypt operations using a private key stored on the device) all in one multi-protocol authentication device. This makes it a strong and flexible solution for companies required to comply with GDPR. Attend this webcast and learn:

•How GDPR will impact the way organizations worldwide store and access the personal information of EU citizens
•How to leverage open standards to achieve GDPR compliance for strong authentication
•How a multi-protocol authentication device protects organizations from phishing and man-in-the-middle attacks

Cross-platform frameworks, such as Apache Cordova, Adobe PhoneGap, or SAP Kapsel are becoming increasingly popular. They promote the development of hybrid apps that combine native, i.e., system specific, code and system independent code, e.g., HTML5/JavaScript. Combining native with platform independent code opens Pandora's box: all the security risks for native development are multiplied with the security risk of web applications.

In this talk, we will give a short introduction into hybrid app development, present specific attacks and discuss how Android developers are using Apache Cordova. In the second half of the talk, we will focus on the secure development of hybrid apps: both with hands-on guidelines for defensive programming as well as recommendations for hybrid app specific security testing strategies.

Speaker bio:

Dr. Achim D. Brucker (https://www.brucker.ch) leads the Software Assurance & Security Research Team (https://logicalhacking.com) at the University of Sheffield, UK. Until December 2015, he was a Security Testing Strategist in the Global Security Team of SAP SE, where, among others, he defined the risk-based security testing strategy of SAP. He is a frequent speaker at security conferences.

Are we filling our homes and carrying around in our pockets, our biggest cybersecurity vulnerabilities? Join us in a lively debate where we will discuss the increase in IoT and smart devices, some of the lesser talked about threats and what steps are being taken to reduce the risk to the imminent smart device mutiny of future.

Just how dangerous, inefficient, and ineffective are the endpoint security solutions used in most organizations today? Ponemon Institute independently surveyed hundreds of IT security professionals to find out — and are ready to share the surprising results in this important webinar.

On July 27th, join founder and chairman, Dr. Larry Ponemon, and Richard Henderson, global security strategist at Absolute, for an interactive webinar on the results, including:

• Exposing the largest dangers and greatest inefficiencies with endpoint security management today
• Average financial and productivity costs associated with insecure systems – and how to mitigate in your organization
• Steps you can take now to prevent attacks and stay compliant

The move to digital business is exposing the limits of existing trust infrastructures. Rapid growth in the number of deployed certificate authorities (CAs). Increased burden on multiple PKI point solutions deployed to address specific problems. And while IT grapples to support tactical implementations of PKI, the demands of digital business overwhelmingly require a more strategic and holistic approach.

What's required is a centralized yet agile overarching trust framework that can easily accommodate multiple use cases today and in the future.

This webinar looks at the steps you can take to build an agile trust infrastructure with a centralized PKI deployment.

* Digital Trust at Scale Learn how to build a PKI that supports endpoint diversity, evolving and multiple use cases and integration with complimentary solutions.
* Streamline PKI Deployment Discover how a trust infrastructure can be deployed and managed across your organization to mete the requirements of today's dynamic and distributed business models
* Simplify 3rd Party CA Key Migration Find out how you can migrate certificates from other vendor systems without having to distribute a new trust anchor and without the need to generate new keys and certificates.

The only thing that can stop the security world discussing WannaCry was another large ransomware attack; which is exactly what happened at the end of June in the shape of Petya / notPetya / Goldeneye.

The attacks compromised several global organisations and hit the headlines worldwide.

In this session the moderator and panelists will cover the following:

Where did Petya originate and who was responsible?

- What halted the spread?

- Why was it such an effective and newsworthy cyber attack?

- Should you be worried about something similar happening to your business?

- What you do to be better prepared to defend against similar ransomware striking again?

Tune into this session to get the lowdown on where the attacks came from; who was behind them; what they mean for the cyber security industry and how you can improve the protection for your business the next time something similar rolls along.

The rise in large scale data breaches has been accompanied by a growing number of data privacy reporting regulations across the world. The latest of these, the General Data Protection Regulation (GDPR) will require companies to notify the regulator of a serious incident within 72 hours.

Companies therefore need to look at their cybersecurity incident response plans and how technology can be leveraged to improve their ability to detect and respond to security incidents faster.

Join IBM Resilient on July 12 at 2pm to review how organisations can build in data privacy reporting into their incident response strategy whilst using security automation and orchestration tools to enhance their IR processes.

Attendees will learn:

•The latest on breach notifications and GDPR; what actions are expected of organisations if data belonging to EU citizens is compromised.

•How to operationalise GDPR using automation and orchestration to improve IR processes

Fresh of the heels of WannaCry this week has seen the Petya / notPetya / Goldeneye attacks strike many global organisations in a wave of devastating ransomware attacks.

Questions need to be raised though:

- Where did Petya originate and who was responsible?

- What halted the spread?

- Why was it such an effective and newsworthy cyber attack?

- Should you be worried about something similar happening to your business?

- What you do to be better prepared to defend against similar ransomware striking again?

Tune in live to this interactive ask the expert webinar with McAfee Chief Scientist Raj Samani as he takes your questions on the attacks and suggests ways that you can defend yourself from similar variations in the future.

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/License Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.